The Workshare Blog

Is your metadata better travelled than you?

Channel 4 News is running a very interesting project called ‘Data Baby’. Started in the backlash of NSA and GCHQ government snooping, they created a virtual online identity to measure how easy it was to gain access to ‘her’ data. The most shocking thing that has come out as an initial result of the experiment, is that it wasn’t a case of third parties accessing her data, but of ‘her’ mobile transmitting it over public and private Wi-Fi networks during her normal usage. It was not a case of intrusion, but of emission.

They found that in 24 hours the Data Baby’s mobile made around 350,000 requests to 315 different servers, none of them protected. The mobile’s geo-location, right down to the postcode was sent six times to advertising firms in the US and Ukraine. Even when idle for 45 minutes, the mobile still made 30,000 requests to 76 servers. Even the mobile’s unique ID was sent a dozen times, including when the phone was idle.

It got me thinking. Does anyone really know what information they are leaking? If a mobile phone is leaking that much personal information and connecting to that many unsanctioned servers, imagine how much sensitive corporate information is being leaked each day from mobile devices used for work.

At Workshare, we’ve been removing metadata from documents for over a decade, so for us the commercial risks inherent in exposing corporate metadata is something we’re well aware of. But do workers realize how much they are exposing? In our recent survey we found that 81% of employees access and share files on the move, with 69% using free file sharing to do so. Only 28% of those employees claimed that their IT departments were aware. Bearing in mind the amount of data mobile devices are leaking in use and at rest in an average 24 hours, imagine how much sensitive metadata is being exposed by employees via their mobile file sharing behavior?

Often, employees are publishing confidential documents on unsecure consumer-grade file sharing applications such as Dropbox, and inadvertently sharing files via email with metadata still attached. This can include track changes in a Word document, hidden figures in an Excel sheet and notes on a PowerPoint slide. I lose count of the number of stories there have been of large organizations exposing confidential corporate information through metadata due to human error and a lack of awareness about metadata and the consequences it poses.

It’s apparent the dangers of metadata are finally entering into the workplace agenda. As people become more aware of what metadata they expose, they understand the need to identify what metadata exists in documents and how they can deal with it to avoid data leaks. As more people use their personal mobile devices for work, organizations will have to rise to the metadata challenge and meet it head on, accommodating the need for applications that will protect their mobile workforce without disrupting the way they work, or risking the exposure of their most confidential assets.